How Medical Identity Theft Can Give You a Decade of Headaches

See the full article at How Medical Identity Theft Can Give You a Decade of Headaches.

This article tells us a cautionary tale about how Arnold Salinas had his identity stolen by someone who took out medical care in his name. Now, any time he gets medical treatment, he has to be extremely careful that his records are actually his own or face the possibility that he will get the WRONG treatment.

“Medical identity theft affected an estimated 1.5 million people in the U.S. at a cost of $41.3 billion last year, according to the Ponemon Institute, a research center focused on privacy and data security. The crime has grown as health care costs have swelled and job cuts have left people without employer-subsidized insurance. Making matters worse: The complexity of the medical system has made it difficult for victims to clear their name.”

It is so important that patients control and are kept abreast of their medical records, but the current system does not make this easy. According to the article, medical identity theft cases are some of the most difficult to solve and can take years. What makes it so difficult is that “‘…you have to go provider by provider, hospital by hospital, office by office and correct each record,” said Sam Imandoust, a legal analyst with the Identity Theft Resource Center. ‘The frustrating part is while you’re going through and trying to clean up the records, the identity thief can continue to go around and get medical services in the victim’s name. Really there’s no way to effectively shut it down.’” Another problem is even finding out your identity has been stolen. According to Pam Dixon, founder of World Privacy Forum, “the fractured nature of the health care system makes medical identity theft hard to detect. Victims often don’t find out until two years after the crime, and cases can commonly stretch out a decade or longer”. Banks and other institutions are used to dealing with identity theft, but the medical industry isn’t equipped to handle this kind of infringement.

HIT systems among top 10 health tech hazards, says ECRI

Another story about why health technology is not ready for prime time. Today untested, unsafe health technologies and applications that eliminate patient control over sensitive personal health information are mandated for use by physicians and hospitals.

Today patient health data is widely disclosed and sold through electronic systems See ABC Story about the sale of diabetic patient records for $14-$25 per patient). It will be years until patients can control sensitive information (from prescriptions to DNA to diagnoses) because systems were never designed to comply with patients’ rights to control health records. There is no data map to know where our personal health data is held or what it’s being for (see Prof Sweeney explain the need for a health data map on video).

In addition, health technology also poses serious risks to patient including:

  • -patient/data mismatches between systems (which would not happen if patients controlled the use and disclosure of their information)
  • -interoperability failures with medical devices and health IT systems
  • -Caregiver distractions from smartphones and other mobile devices

5 Held Over Apps that Stole Smartphone Info

Read the full article at 5 Held Over Apps that Stole Smartphone Info.

In Japan, “free apps had reportedly been downloaded up to 270,000 times” infecting at least “90,000 people’s smartphones” with a virus that stole “10 million pieces of personal information from users’ address books”. Creating viruses is a crime in Japan.

Criminals want valuable contact information. How much more valuable do you think personal health information is?

The value of health data is the reason theft is the #1 cause of health data breaches (See “Top Reasons for HITECH Breaches As of October. 17, 2012″ by Melamedia. Sign up for free monthly breach statistics at: http://melamedia.com/index.php).

In the US, millions of employees of corporations can obtain, use, and sell your health data (See ABC News Investigation showing diabetic records for sale from $14-25/record at: http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986&singlePage=true#.UFKTXVHUF-Y).

Loopholes in HIPAA grant millions of employees of providers, doctors, hospitals, insurers, data clearinghouses, and health technology companies the right to use and sell our electronic health records.  We have no way to know when this happens, it’s part of the hidden US “surveillance economy“.

Tell lawmakers and the next President to require health technology systems that put you in control over who can see, use, and sell your electronic health records—from prescriptions to DNA to diagnoses. 90+% of Americans, both Republicans and Democrats, expect to control access to their sensitive health data.

A Future Perspective: Have We Seen The End Of Consumer Privacy In Health Care?

PPR Founder & Chair, Deborah C. Peel, MD, presents on a panel at the 8th Annual Open Minds Technology & Informatics Institute. View her presentation slides here.

In an era of Facebook, reality television, and the internet, it seems that as a society, we don’t view privacy in the same way that we did in the past – that is, except when it comes to health care. Yet the reality is that even that may be changing; in today’s environment, data is more easily shared with electronic health records and consumers have increased access to their own records, and therefore the ability to share information as they choose. But are consumers truly ready to give up privacy? And if they aren’t ready, is there anything we can do to protect patient privacy in our increasingly digital world? In this unique session, our panel of experts will discuss how our definition of privacy has changed over the years and answer the question – Is privacy dead in health care?

Faculty:
Deborah C. Peel, M.D., Founder & Chair, Patient Privacy Rights Foundation
Tim Timmons, CCEP, CHPC, CHP, CHSS, Corporate Integrity Officer, Greater Oregon Behavioral Health, Inc.
Julie Caliwan, Senior Associate, OPEN MINDS

Institute Overview

We know the future of health care will be shaped by technology.
Everything from the way we communicate with consumers, to how we deliver services, to the way we interact with other health care providers is under the influence of technological innovation. The relationship between consumers and provider organizations is already shifting as these innovations change our system in ways that would have been unfathomable just a decade ago – from robots and remote monitoring systems, to neurotechnology and smartphone apps.

Organizations with the best technology strategy will have the competitive edge.
The 2012 OPEN MINDS Technology & Informatics Institute is designed to provide an inside look at the ground-breaking technologies that will influence the health care market in the years to come. By gathering together the industry’s greatest technological innovators, a team of expert faculty, and the country’s top health and human service executives, this institute will not only provide you with a glimpse at the future, but also a strategic roadmap for success along the way.

Do Not Track? Advertisers Say ‘Don’t Tread on Us’

See the full article written by Natasha Singer in the NY Times at Do Not Track? Advertisers Say ‘Don’t Tread on Us’

Americans are all victims of a massive hidden “surveillance economy” that collects and sells every bit of online information about us (and health information is the most valuable of all). This story is about the battle between the US data mining industry and the consumers, patients, and corporations that oppose secret data mining.

“Brendon Lynch, Microsoft’s chief privacy officer, said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism. “Consumers want and expect strong privacy protection to be built into Microsoft products and services.”

“The Association of National Advertisers recently attacked Microsoft because Microsoft’s new browser will automatically tell hidden data collectors ‘Do Not Track’ users online.  “Microsoft’s action is wrong. The entire media ecosystem has condemned this action,” the letter said.”

It’s not surprising to see this attack by the data mining industry on Microsoft. There will be many more attacks as the public realizes the harms that are caused by unfettered corporate and government collection of personal information.  Today’s surveillance economy is based on monetizing personal data, selling intimate minute-by-minute profiles of our minds and bodies.

Re: Social media and patient privacy lessons ripped from the headlines

Karen Cheung-Larivee’s recent FierceHealthcare article, “Social media and patient privacy lessons ripped from the headlines” once again reminds us that health privacy isn’t a concern limited to how information is exchanged in and among doctors’ offices or hospitals. Rather, it reminds us that even the casual ways people reveal parts of their personal lives to their own social networks can sometimes mean violating someone’s health privacy when they reveal sensitive pieces of information about other people’s lives too.

Unfortunately, there aren’t really rules protecting people from the harms that can occur when someone else broadcasts their personal information in the wild wild west of social media. However, that doesn’t mean institutions are completely absolved of their responsibility to protect patients’ privacy, no matter the environment. As the article points out:

One of the most common situations of social media fumbles are patients posting about other patients. Although it’s not a breach of HIPAA or HITECH (because patients aren’t considered “covered entities”), the hospital still has a responsibility under state law to protect patients.

No doubt social media provides a medium that allows us to connect and reach out to others in new and powerful ways. However, as users of these tools, we must also be mindful of how the ways we connect and interact with the rest of the world can have damaging effects on ourselves and others, whether it’s in the here and now or some point down the line.

Has your health privacy ever been violated as a result of social media? Are you willing to talk about what happened so others might learn from your experience? Please use this form to share your story.

Benefits of Online Medical Records Outweigh the Risks- Includes Opposing Quotes from Dr. Deborah Peel

An article written by Larry Magid in the Huffington Post quotes PPR when speaking about the issues surrounding electronic health records. You can view the full article here: Benefits of Online Medical Records Outweigh the Risks.

“There are also privacy concerns. In a 2010 Wall Street Journal op-ed, psychiatrist Deborah Peel, founder of Patient Privacy Rights, complained that ‘lab test results are disclosed to insurance companies before we even know the results.’ She added that data is being released to ‘insurers, drug companies, employers and others willing to pay for the information to use in making decisions about you, your job or your treatments, or for research.’ Her group is calling for tighter controls and recognition that “that patients own their health data.'”

Insurance dependents can face special challenges on privacy

The article,  “Insurance dependents can face special challenges on privacy” by Michelle Andrews, recently posted in The Washington Post details the liabilities insurance dependents could come in contact with as a result of HIPAA regulations and insurance billing. “The privacy rule of the federal Health Insurance Portability and Accountability Act (HIPAA)… generally prohibits the unauthorized disclosure of individuals’ medical records and other health information. But there’s a catch. Health-care providers and insurers can generally use such information when trying to secure payment for treatment or other services.” This can be a big problem for dependents undergoing sensitive treatments such as substance abuse programs, care and treatment for sexually transmitted diseases, contraception, and mental health support because the bill can be submitted to the policy holder with the treatment outlined in full depending on state law.

Be informed about your state law and insurance policy and ensure your privacy!

  • “Under federal privacy regulations, patients can request that insurers not disclose confidential information or ask that they send it to an address of their choosing. Insurers are required to comply if not doing so would endanger the patient, says English — for example, if disclosure might pose a threat of domestic violence.”

Onward and upward: ONC to automate Blue Button

See the full article in HealthcareITNews: Onward and upward: ONC to automate Blue Button

Why “Blue Button” matters: It is the critical first step to restore your control over personal health data.

  • -If we can’t get our data (via a “Blue Button”), we can’t use or control it—-much less check for errors.
  • -Few of us expect or know that today our sensitive health data flows to hidden businesses and users that have nothing to do with our health or treatment—which is why we need a map of health data flows:
    • -See Prof Sweeney explain this project in a brief video: http://tiny.cc/f466kw
    • -Today’s electronic health system allows millions of people who work for doctors, hospitals, insurers, health technology companies, and health data clearinghouses, etc, to use, disclose and sell our health data without consent.
  • -The current health technology system guarantees harms: like use of personal health data by employers and banks, ID theft and medical ID theft, and health data sales (see ABC World News story that shows the sale of diabetic patient data at: http://tiny.cc/un96kw ).

In 2001, the HIPAA Privacy Rule stated that patients should be able to download electronic copies of personal health data. Finally the federal government, through the Office of the National Coordinator for Health Information Technology (ONC), will actually require all electronic health records systems to let us do that.

  • -FYI—The box to click and download personal health information is known as a “Blue Button”. Some places already let patients do this (the VA system and MD Anderson for example).

When personal control over health data is restored, we can send our records to all the right places (for treatment and research) and NOT send records to hidden users and corporations that use it now to discriminate against us for jobs or credit, for ID theft, to impersonate us and use our health insurance to obtain treatment (medical ID theft), or for insurance, Medicare, and Medicaid fraud.

When the Privacy Button is Already Pressed

See the full article in the New York Times at: When the Privacy Button is Already Pressed

There is no “DO NOT TRACK” button in HIPAA. What happens when the public finds out they have no button to control the use and sale of intimate information about their minds and bodies?

This story shows the public is waking up to privacy:

*        11% of Mozilla users have turned ‘Do Not Track’ on.

*        18% of those with Firefox on Android phone use ‘Do Not Track’.
From sexual preferences, to records of child abuse, to DNA, to prescription records—–HIPAA and electronic systems eliminate our control over personal health information. Others decide when to use, disclose, or sell it. There is no “chain of custody” for personal health data. We can’t find out who collects and uses our health data. We can’t read a ‘data map’ and see where our health data flows. There is no health data map. See ABC World News story about the sale of health data: http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986&singlePage=true#.UFKTXVHUF-Y

The first step to fix any problem is to KNOW about it. Then we have to demand that law makers fix this disaster. Health information should not be used to make hidden decisions about our jobs, reputations, or credit.

Health technology can provide enormous benefits—but systems have to be re-designed so we control who sees and uses our health records. The best way to prevent harm is keep health data out of the hands of hidden users. Anyone who wants to use our health records should have to ask.